Attacks and defenses in user authentication systems: A survey

Xuerui Wang, Zheng Yan*, Rui Zhang, Peng Zhang

*Corresponding author for this work

Research output: Contribution to journalArticleScientificpeer-review

21 Citations (Scopus)
47 Downloads (Pure)


User authentication systems (in short authentication systems) have wide utilization in our daily life. Unfortunately, existing authentication systems are prone to various attacks while both system security and usability are expected to be satisfied. But the current research still lacks a thorough survey on various types of attacks and corresponding countermeasures regarding user authentication, including traditional password-based and emerging biometric-based systems. In this paper, we make a comprehensive review on attacks and defenses of the authentication systems. We firstly introduce a number of common attacks by classifying them into different categories based on attacker knowledge, attack target, attack form and attack strength. Then, we propose a set of evaluation criteria for evaluating different kinds of attack defense mechanisms. Furthermore, we review and evaluate the existing methods of detecting and resisting attacks in the authentication systems by employing the proposed evaluation criteria as a common measure. Specifically, we focus on comparing and analyzing the performance of different defense mechanisms in different types of authentication systems. Through serious review and analysis, we put forward a number of open issues and propose some promising future research directions, hoping to inspire further research in this field.

Original languageEnglish
Article number103080
Number of pages21
JournalJournal of Network and Computer Applications
Publication statusPublished - 15 Aug 2021
MoE publication typeA1 Journal article-refereed


  • Attack detection
  • Authentication system
  • Biometric authentication
  • Deep neural networks
  • Defense mechanisms
  • Liveness detection
  • Machine learning
  • Spoofing attack


Dive into the research topics of 'Attacks and defenses in user authentication systems: A survey'. Together they form a unique fingerprint.

Cite this